lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <449F09E0.2000309@syneticon.de>
Date: Sun Jun 25 23:11:00 2006
From: seclists at syneticon.de (Denis Jedig)
Subject: Whitepaper: IT (in)security implementation in a
	real world example

Greetings to the list,

I have written a short paper on principles and failures of IT security
based on a real-world example of a (yet unpublished) issue with DB
CarSharing - a German car rental company.

Extract:

Preface

This paper is not meant to be a disclosure or accusation. Although it is
based on a true story and describes a rather concerning security-related
issue, its focus is the analysis of security issues in projects heavily
dependant on IT. Its primary goal is to serve as a guideline for people
intending to do better than today.

Story

For a couple of months now DB Carsharing is largely advertized as a
convenient car rental service (you can get cars on an hourly basis)
offered by a company named DB Rent ? a subsidiary of Deutsche Bahn -
throughout all German railway stations. However, this public service
becomes a potential danger to its customers ? due to inherent flaws in
handling of sensitive data, insufficient user restrictions and
significant flaws in vulnerability management.

The paper can be found at
http://syneticon.net/support/security/security-by-example.html
in HTML for your convinience.

Regards,

Denis Jedig
syneticon networks GbR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ